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Summary 

As  a  continuation  of  the  use  of  the  specification  language  Z  which  was  used  to  specify  the 
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dence  between  the  two.  Using  Z  did  highlight  inconsistencies  in  the  HOL  specification  that 
may  not  have  appeared  until  later  in  the  specification. 
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1.  Introduction 

This  Memorandum  is  a  description  of  the  proposed  Viper2  microprocessor  using  the 
specification  language  Z.  The  description  is  a  continuation  of  the  work  done  on  the  Viperl 
processor  This  is  a  first  attempt  to  specify  the  Viper2  and  was  done  in  parallel  with  the 
specification  in  Higher  Order  Logic  (HOL)^.  There  may  therefore  be  some  inconsistencies 
between  this  document  and  the  HOL  description  Where  this  occurs  the  latter  should 
be  tsdien  as  the  definitive  description. 

In  safety  critical  applications  it  is  necessary  to  ensure  that  continued  operation  or  safe 
shutdown  of  a  system  is  achieved  when  erroneous  data  is  input.  There  are  two  methods 
to  increase  the  integrity  of  a  system:  to  analyse  the  software  for  errors  and  to  use  a 
processor  that  is  known  to  be  functionally  correct.  FWther  confidence  is  achieved  by 
using  multi-channel  systems  incorporating  processors  of  dissimilar  technologies  but  with 
the  same  functionality.  The  functionality  of  any  device  is  determined  by  the  designers 
specification.  If  an  error  exists  in  this  then  all  the  channels  in  the  system  will  experience 
the  same  common  mode  error. 

By  using  a  number  of  different  methods  to  specify  a  processor,  errors  that  may  be 
present  in  one  specification  may  become  apparent  in  another.  This  is  most  effective  when 
the  methods  used  are  basically  different  in  character.  This  can  be  completed  by  using 
proofs  of  correspondence  to  confirm  that  the  two  texts  have  the  same  meaning. 

An  expertise  in  the  use  of  Z  already  exists  at  RSRE  and  by  using  a  Z  editor  and  type 
checker  available  on  the  Computing  Divisions  PerqFlex  workstations  the  task  of  specifying 
Viper2  made  a  useful  project  for  a  vacation  student,  who  already  had  a  Knowledge  of  Z. 
As  a  guide  to  the  strategy  required  for  this  description  J.  Bowan’s  Z  specification  of  the 
M6800  microprocessor^  was  used. 

This  report  is  the  first  attempt  to  specify  the  Viper2  in  Z.  It  makes  no  attempt  to 
explsun  the  primary  constructs  of  Z,  nor  to  act  sis  a  tutorial  in  the  use  of  Z  to  specify  a 
microprocessor.  Readers  not  familiar  with  Z  should  consult  Specification  Case  studies  * 
edited  by  I.  Hayes.  Although  the  specification  has  been  type  checked,  it  has  neither  been 
proved  equivalent  to  the  HOL  specification  nor  to  be  free  from  errors.  Any  inconsistencies 
or  errors  found  in  this  document  should  be  reported  back  to  the  Computing  Division, 
RSRE. 


\HigheT  Order  Logic  (SOL)  it  a  detign  tool  developed  at  the  Cambridge  Computing  Laboratory. 


Z  Basic  Functions 
Z.l  Bits  and  Words 

Bit  £  <0.1> 

Word  £  <  u!N«Bit  I  «w>0  a  do®  w  ®  0  ..  («(«)  -  1  )  } 

Bits  are  represented  as  the  set  of  clemerts  with  values  B  or  !. 
Words  are  represented  as  a  set  of  partial  functions  fro®  nstu'sl 
numbers  to  Bits.  The  natural  numbers  correspond  to  the  position  of  the 
bit  in  the  word,  le  the  result  of  win'  (the  uo'd  w  acting  on  the  value 

n)  gives  the  n+1^^  Bt  of  the  word  w. 


Find  the  most  and  least  s.gn.ficant  bits  of  the  word, 
val  I  Word  -»  N 
b  w  :  Word  • 

(ew>l  )  M  (  val  w  ■  LSS  w  1 

(«w>l  )  -•  (  val  w  *  LSB  w  ♦  Z  *  vaKsuecJw)) 

val  returns  the  natural  number  represented  br  the  word.  Note  succlw 
gives  the  effect  of  a  Right  shift,  le  divide  by  two.  on  the  word,  ‘e 
if  suCcTw  IS  applied  to  n  then  first  succ  n  is  calculated-  and  then  w 

of  n+1  is  calculated  ie  the  n*Z'*'  Bit  is  returned  rather  than  the 

n+l'*’  one. 


Useful  for  left  shifting  Cm  a  siirilar  war  to  the  technique 
descr i bed  above ) . 


(_set_)  1  (Word>Bit  1  Word 


Id  H  I  Word;  b  >  Bit  • 

N  set  b  -  wtflOwbl.dwbO 

The  set  function  returns  a  word  which  has  all  of  its  bits  set  to  the 
spec  if  led  value. 


naxval  >  Word  -•  N 


b  H  :  Word  • 

'  ‘maxval  w  •  vaKw  set  1) 


Z 


(  3  w  :  Uord  •  ((  val  m)  >  ftaxval  w)  ) 

Returns  the  maximum  «/8lue  which  can  be  stored  tn  the  word* 


wrd  •  ^  (  N  Uo^'d  ) 

b  s*ze  i  N| ;  valu  i  N:  w  :  Word  • 

(wrd  s>ze  valu  «  w  )  «« 

( («w  s  Size  )  A 

(val  w  s  valu  mod  succ(maxval  m))) 


The  function  w^d  returns  the  word  of  size  size  and  set  to  the  value 
vaiu  (if  that  value  can  be  held  m  a  word  of  that  size).  Note  no 
alsofithm  is  9iven  for  calculating  wrd  from  its  arguments*  just  the 
relationsh.ps  wh.ch  must  hold  between  the  word  returned  and  the  mput 
arguments- 


y  wl  *wC  :  Word  •  a(wl*wu)  *  awl  ♦  awS 
Concatmate  two  words  together. 
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I  not  ■  <0-1  » 1**0> 

Generate  the  losical  inverse  of  the  input  bit. 

(_o_)  :  (B.l-Bit 

(_+_)  «  <t0.0  )-0.(0.1  My 

*  <(0,0)-0.t0.1  W0> 

(-•-)  *  <(0.CM.(0.n**D.(l,0K0.(l.l  Wl> 

Standard  b>tM>S6  logical  functions,  (note  o  is  exclusive  or) 

Viper_aux_l  keeps  «  o<not  * “  *Hrd iftexval  »set  >pred> val  >L5B  ^nSB > 

UordfB • t 
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2*3  Logical  fuetions  on  words 


wnot  *•  Uord  m  Uord 


d  M  :  Uord  « 

wnot  M  s  M  j  not 


Generate  the  inverse  the  input  word. 


UordPair  & 

<w  :  W  ^  (Bit^Bit)  I  aw^O  A  dom  w  ®  0  .  .  ( few  )-l  )  > 


(_pair_)  :  (Uord«Uord  )-*UordPair 

b  m1 >m2  ;  Uord  • 
m1  pair  w2  « 

{  I  :  U  I  I  €  doni  m1  h  dom  m2  •  i  (  m1  i  •m^  i  )  > 

Takes  a  pair  of  words  and  represents  them  as  a  set  of  bit  pairs* 
indexed  by  a  single  natural  number. 


( .and. )» ( _or^ ), (^exor^)  t  (Uord«Uord  )-•  Word 


b  Ml. m2  ;  Uord  • 
m1  and  w2  ®  ((mI  pa.r  w2  )  ^ 

wl  or  uZ  *  IImI  pair  w2  )  J 

wl  exor  w2  *  ((wl  pa^r  w2  )  # 

Standard  Mordwise  los'Cal  functions. 


(.«.)  X  tUord-B't)  -*  Uord 


b  M  :  Uor d^  b  :  6 1 t  • 

M  <<  b  ■  (  <aM>  <  (pred  #  w)  )  U  <0**b> 


(.>>.)  i  (6it«Uord)  ^  Uord 


I  b  M  :  Uord!  b  ;  Bit  • 

I  b  >>  M  «  <  ( (  Om  )*  1  )  «•  b>  U  ( succ  i  M  ) 

Shift  right  and  left  while  inserting  a  particular  b't  into  the  right 
or  left  most  position. 
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Z«4  ^ithmctic  Functions 

I  value  :  Uord  2 


^  M  :  Word  • 

((flSB  w  ■  1)  A  value  m  «  val  m  *  succ  (aaxval  m  ))  y 
( (nS6  M  *  0  )  A  value  m  «  val  m  ) 


Return  the  inteser  value  represented  by  the  Uord.  Th>s  is  usins  the 
2's  complement  notation.  (Remember  the  most  S'snif leant  bit  has  a 
weighting  of  So  to  cope  wth  negative  numbers  subtract  2*'. 


maxpos • maxneg  :  Uord  2 


b  wl*w2  :  Uord  I  «wl  •  ((Hw2H1)  • 
ma'<^pos  n1  ■  maxval  m2 
maxneg  m1  >  (ma^val  m2)  *  (maxval  wl ) 


Return  the  maximum  positive  and  negative  numbers  for  a  word  of  a 
part  I cular  s i ze • 


(_s  ■  gnexter.d.  )  :  (Uord*Wj  )  -•  Uord 

W  wl.w2  :  Uord:  length  :  Wj  | 

(length  i  awl  )/^(aw2  *  length)  • 

(mI  signextend  length)  «  (h2  set  rnSB  wl))  •  wl 
Sign  extends  the  word  to  the  length  specified. 

(_pad_)  :  (Uord«N^)  -  Uord 

y  wlfw2  :  Uord;  length  t  | 

(length  2  awl  )a(MmZ  *  length)  • 

(wl  pad  length)  «  (m2  set  G )  a  wl 


Pad  out  a  word  to  the  new  word  length  with  zeros 


(^trim_)  5  (UordxN^  )  -•  Uord 


b  w  :  Uord;  length  :  Nj  |  length  «  aw  . 
w  trim  length  *(0  ..  length)  A  m 


Trim  a  word  down  to  the  new  word  length.  Note,  use  the  above  with 
caution,  as  it  simply  returs  a  word  with  the  top  b'ts  'trimmed'  off. 
No  checU  IS  made  to  ensure  that  the  value  of  the  word  has  not  changed. 
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^  :  l4ord  I  (MmI  )  «  a  s(iiKt3) 


(m2  plus  m3  ■  (m1  trim  «m2)) 

0m  (value  Ml)s(value  m2  }^i value  m3) 


The  Mord  returned  by  plus  is  the  same  sire  as  the  Imo  input  Mords* 
and  holds  the  value  oT  the  sum  of  the  tMO  Nords»  iff  this  value  can 
be  held  m  a  Mord  of  that  sire< 


(_tifiies_)  :  (Uord«Uord)  -•  Word 


b  Ml. m2. m3  :  Uord  (  (aMl  )  *  ((aM2)«2)  a  '(MmB)  • 

(m2  times  m3  •  (m1  trim  Sm^  O 

00  (value  m1  )%( value  m2  )«•  value  m3) 


The  Mord  returned  by  times  is  the  same  size  as  the  tMO  mpjt  Mords. 
and  holds  the  value  of  the  p*‘oduct  of  the  tMC  Mords.  iff  this  value 
can  be  held  m  a  Mord  of  that  s>2e. 

I  (,.fflinus_)  :  (Uord«Wor-d)  -♦  Word 


b  Ml. m2. m3  :  Uord  I  (smI)  *  ((aw2)+n  a  (*•«?)  =(«m3)  . 

(m2  minus  m3  *  (m1  trim  aM2)) 

00  (value  m1  )sCvalue  M2''*(v8lue  m3) 


The  Mord  returned  by  mmus  is  the  tame  sire  as  the  Imo  input  Mords. 
and  holds  the  value  of  the  difference  of  the  tMO  Mord&»  iff  this  value 
can  be  held  m  «  Mord  of  that  size. 


(_carry^)  t  (Uord«Uord)  -•  Bit 


b  m1 .m2  :  Uord  « 

(m1  carry  m2  *  1  )  ((val  m1  )  ^  (val  m2)  >  maxval  m1  ) 


Top  level  spec  if icet ion  of  carry,  ie  a  carry  ts  senerated  Mhen  the 
result  IS  larger  than  the  meximum  possablc  value  Mhich  car.  be  stored* 


(_mcarry_)  i  (Uord*Uord)  Bit 
b  m1.h2  1  Uord  • 

(m1  mcarry  m2  «  1  )  a#  ((val  h1  )  ♦  tval  m2)  >  iiaxvsl  m1  ) 
Top  level  specification  of  carry  for  multiplication* 

(jborroM_)  :  (Uord"Uord)  -•  Bit 
b  h1 .h2  I  Uord  • 

(h1  borroM  m2  ■  1  )  (  (val  m1  )  <  (val  m2)  ) 
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m1  .uZ  :  Uord  I  ■  Mm?  • 

(m1  overflow  w2  ■  1  ) 

(  (  (value  wl  )  ■*  (value  w? )  >  aaxpos  wl  )  v 
(  (value  wl  >  *  (value  m2)  <  aaxnes  m2  )  ) 


Top  level  specification  of  overflow!  ie  overflow  when  tKie  sum  is 
greater  than  the  largest  pos  tive  value  which  can  be  held,  or  less 
than  the  largest  negative  number. 


(_moverflow_)  :  (Ucrd'Ucrd)  -•  Bit 


b  wl.w2  :  Uord  I  a^l  ^  «„2  . 

(wl  moverflow  m2  a  1  ) 

(  (  (value  wl  )  r  (value  m2)  >  mavpos  wl  )  v 
(  (value  wl  )  -r  (value  m2  )  <  mavneg  m2  )  ) 


Top  level  specification  of  overflow  for  multiplication. 


(_onderf low_)  i  (Uord*Uord)  -•  Bit 


b  wl<w2  :  Uord  I  awl  «  a.,2  • 

(wl  underflow  w2  •  1  )  a* 

(  (  (value  wl  )  -  (value  h2  )  >  mavpos  wl  )  v 
(  (value  wl )  •  (value  m2)  <  mavneg  w2  )  ) 


Top  level  specification  of  overflow  on  subtraction. 


(_equal_)  :  (Uord*Uord)  -•  Bit 


b  wlfM2  s  Uord  I  awl  •  aM2  • 

(m1  equal  m2  •  1  )  aa  (val  wl  •  val  m2) 


Returns  1  if  the  tuo  numbers  are  the  same. 


(_less_)  1  (Uord'Uord)  -•  Bit 


b  m1>m2  >  Uord  I  awl  a  aM2  • 

(wl  less  m2  a  1  )  aa  (  value  wl  <  value  m2  ) 


Returns  1  if  the  first  number  is  less  then  the  second- 

This  completes  the  underlying  theory  of  representing  natural  number 
arithmetic  by  operations  on  vectors  of  bits. 


3  Viper  Specifics 


3-1  Uord  Lenaths 


Uordg^  t  i  u 
Uord^^  t  <  M 

Uordjg  <  <  H 

Uord^  s  <  M 

Uo’-dg  £  <  u 

Uordj  »  <  u 

Uordj  *  <  w 


Uord  I  *M  •  64  > 

—*  for  Double  length  integers 
Uord  I  eu  •  3Z  > 

—  for  Data  words 
Uord  I  aw  -  20  > 

—  for  Address  words 

Uord  I  aw  •  4  > 

"  for  the  function  select 
Uo'd  f  a»  •  3  > 

—  for  the  destination  select 

Uord  I  aw  «  2  > 

—  for  the  register  and  menor)' 

select 

Uord  I  aw  •  J  > 

for  the  comparison  select 
and  flags 


Address  s  VordjQ 
Data  a  Uordg^ 
flag  a  Uordj 

—  Values 

oncizero  ;  Uord 
True. false  :  flag 

value  zero  «  0 
value  one  ■  1 
True  ■  <0wl> 
false  «  <0w0> 
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9.Z  fltmory 


The  definition  of  the  memory  and  peripheral  spaces*  and  the 
behaviour  of  these  two  reS'ons^ 


flemory 


riem 

Address 

—  Data 

PER  I  space  •• 

Address 

Data 

PPrtspace  : 

Address 

-•  Data 

10  t 

B.t 

(  1 0  =  0  )  m» 

(Hem  =  i 

RAPspace  ) 

{>0  =  1)  — 

(Hem  ~ 

PEP I space ) 

If  10  IS  2ero  then  all  memory  reads  are  from  the  space.  If  >o  is 
one  then  all  of  the  reads  are  from  the  PERIspace. 

rfiflemory  - 

flemor  y 
flemory’ 

6nem  :  Address  ^  Data 


(<o  s  0  )  «•  (RPnspace'  «  RPhspace  •  6nem ) 
(:o  «  1)  ^  (RPfIspace*  «  PPflspace ) 


If  10  is  ze-o  then  any  writes  w.ll  affect  the  value  »n  the  memor>  'f 
howeve*"  lO  is  one  there  are  no  changes  to  RAM.  Note  changes  to  PEP2 
are  not  modeled. 

Sflemory 

I  ^flemory 


fiflcm  «  0 


No  change  ir  memory. 
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3-3  Rssiste''> 

The  specification  of  the  Viper2  registers. 

[RegName] 

Register  e  <  rs  RegName  Uord  1  ar>0  > 

The  Registers  arc  the  partial  function  from  Register  names  to  Uords. 

Reg  :  RegName  -•  Uord 

d  n  :  RegName;  Regs  :  Register  . 

Reg  n  =  Regs  n 

Returns  the  value  in  the  Register  given  as  input. 


GeneralPurposeRegislers  _ 
I  ft. X.Y.Fl .Double  :  RegName 


Reg  P 

€ 

Uo»'d3^ 

Reg  X 

€ 

Uord32 

Reg  Y 

€ 

Uo'^dg- 

Reg  HI 

€ 

Uordjj 

Teg  Double 

€ 

Uordg^ 

Reg  Double 

s 

(Res  ftl 

The  four  general  purpose  read  write  registers  (note  X.Y.21  are  index 
registers.  The  register  double  is  the  concat  mat  i on  of  the  fi  and  2 
registers. 


AddressRegisters 
I  F.S.U.P  !  RegName 


Reg  F  c  Uord^g 
Reg  S  c  Uord2Q 
Reg  U  c  Uord^g 
Reg  P  «  Uord^g 


The  four  addressing  registers.  The  Frame  pointer  F  points  to  the 
start  of  the  current  stack  frame.  The  Frame  size  S  is  the  size  of  the 
current  stack  frame  ( le  the  stack  frame  goes  from  F  to  F+S?.  The  stack 
Limit  U  is  the  furthest  up  the  stack  is  allowed  to  grow.  Finally  The 
Porgram  Counter  P  is  the  position  in  memory  where  the  current 
instruction  was  read  from. 
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OtherResisters 
I  D. Wat chdo9. Temp  :  RegName 


Reg  D  e  Uord32 
Reg  Uatchdog  e  Uord^^ 
Reg  Temp  c  Uord^j 


The  three  remaining  registers-  The  0  register  is  the  error  message 
register.  IT  an  error  occurs  then  the  error  code  Tor  that  particular 
error  is  placed  in  0.  The  Watchdog  register  is  used  uhen  opera! >ng  m 
untrustcd  mode-  The  value  in  Uatchdog  is  the  number  oT  clocit  cycles 
leTt  to  complete  any  untruSted  operations.  The  registers  Temp  hold 
the  next  32-bit  instruction  to  be  executed- 


ProcessFlags 

B.Postcall .Trust  :  RegName 

Reg  6  c  Uordj 

Reg  Postcall  e  Uordj 
Reg  Trust  c  Uord^ 


The  three  process  Flags  are  held  as  one  bt  registers.  The  0  Flag 
contains  the  result  From  var  ous  comparisons  or  unsigned  arithmetc- 
The  Postcall  Flag  is  there  to  ensure  that  the  Enter  instruction  alwa.s 
occurs  aTter  a  call  instruction,  and  never  anywhere  else-  It  is  set 
true  aTte'  a  call  and  clea'ed  during  an  enter.  The  Trust  Flag 
determines  whether  the  machine  is  in  trusted  or  untrusted  mode- 


^ErrorFlags  . 

E.IP.IX. IT. IZ.IB.UE .NoSt ack .NoSize.NoL imi t  ;  RegName 

Reg  E  c  Uord^ 

Reg  IP  e  Uordj 
Reg  IX  c  Uordj 
Reg  lY  a  Uordj 

Reg  IZ  e  Uordj 

Reg  IB  c  Uordj 
Reg  WE  <  Uordj 
Reg  NoStack  c  Uordj 
Reg  NoSize  c  Uordj 
Reg  NoLlmit  e  Uo'dj 


The  error  flags-  The  E  flag  is  set  true  if  there  has  been  an  error. 
This  IS  utilised  by  the  Jump  on  error  and  Call  on  error  instructions- 
The  IP.  IX.  lY.  IZ  and  IB  flags  show  whether  a  register  holds  an 
invalid  value,  le  IP  is  true  if  P  has  not  been  loaded  since  the 
machine  started,  or  since  an  error  occured.  The  UE  register  is  set  if 
the  Uatchdog  timer  has  Expired  (hence  UE).  This  flag  will  cause  an 


IZ 


/ 


y  ^ 


•rror  to  occur  if  it  is  set  wKile  the  mechine  is  in  untrusted  mode-  It 
IS  isnored  in  trusted  mode.  The  NoStack*  NoSizc  and  NoLitmt  Flass  are 
set  true  if  thg  F*  S  and  U  resisters  have  not  been  set. 


Ress  i  Cr  rorFlass  a 

ProcessFlags  a 
OtherResisters  a 
AddressResistars  a 
Genar  al Pur  poseRes i st  e. s 


The  Uiper2  res'Ster  types 


—  registers  ______ 

I  Regs 

I  Registers  :  Register 


The  registers  at  split  time  consist  of  a  ‘bank’  of  registers  and 
the  Uiper2  register  types. 


reg  i  sters 

registers' 

ncMP 

Address 

NewUatcbdog 

Data 

NewUC 

Flag 

AReg 

RegNamc  ••  Uord 

Registers’  • 

Resisters  •  fP^neMp^UEp^NeHUF} 

•  fUstchdo9**NeMUatchdo9>  a  6Re9 

The  ViperZ  registers.  The  new  values  of  the  registers  are  the  same 
as  the  old  value,  apart  from  the  three  registers  which  are  always 
updated  (the  program  counter  watchdog  timer  and  watchdog  expired 
flag).  These  can  be  overwritten  by  any  modifications  to  them  m 
AReg.  Any  other  changes  in  the  registers  (due  to  the  various 
instructions)  are  also  contained  in  AReg. 


—  SRegisters 
I  ARegisters 


AReg  «  <} 


All  of  the  registers  remam  the  same  (apart  from  ti.c  three  above) 


13 


3.4  Clock 


The  ViperZ  clock  is  not  represented  in  the  HOL  specif icet ion. 
A  definition  is  included  here  for  completeness. 


r Clock 
Clk  :  N 


Clock  Simply  counts  up  from  S. 


^fiClock  __ 
Clock 
Clock ' 
Cycles  :  N 


Clk’  -  Clk  ♦  Cycles 


Cycles  IB  the  number  of  cycles  needed  to  complete  the  present 
nstruction.  The  peremeter  cycles  is  used  by  the  Watchdog  timer. 


w 
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7^ 


3.5  Stop 

The  deTinition  of  the  Stop  Flaa- 


rStop 

stop  :  Bit 


The  sinsle  bit  to  determine  whether  the  nachme  is  stopped  or  not. 
AStop 

ARes I sters 

Stop 

Stop’ 

Values 
sval  :  Bit 


stop  *0 

newp  «  Reg  (P)  plus  one 


The  machine  has  not  stopped.  The  new  value  of  the  Program  Counter  is 
P^l.  The  value  of  stop'  is  set  later  in  the  specification. 
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3*6  Viper  State 


AState  e  AHemory  a 

ARegisters  a 
AClock  A 
AStop 

The  Viper?  chansins  state.  The  chanse  in  the  Viper  state  is  the 
change  in  memor)'  and  the  change  in  registers  and  the  change  in  stop. 


Ar ithmet i cAndLog i calUn it  ^ 

rtm  :  Data 

offs  :  Data 

base  :  Data 

Result  :  Data 


The  inputs  and  outputs  to/from  the  RLU.  r  and  m  are  the  Imo  inputs 
to  the  ^LU  and  Result  is  the  result  from  it.  Base  is  the  base  address 
to  read  the  memory  im)  input  to  the  ALU  from  and  offs  is  the  actual 
address  of  the  read. 


3.7  VipcrZ  Operation  Codes 


I 

r 

r 

I 


U I  per  ZDpCode 


OP 

1  Uord32 

si 

:  Uord^ 

sZ 

1  Uord^ 

sZl 

!  Uord^ 

%2u 

:  Uord^ 

:  Uord^ 

fc 

:  Uord^ 

fcl 

1  Uord^ 

fch 

1  Uord^ 

addr 

I  Uord2() 

op  * 

sZ'sl'fq'fc'*  addr 

fc  * 

fch  *  fcl 

sZ  * 

sZu  *  sZl 

The  ViperZ  Op  code.  Op  is  the  op  code  and  is  loaded  from  the  address 
pointed  to  by  the  Prosram  Counter.  The  op  code  is  the  coneat mat lon  of 
the  five  fields  shouni  s2.  si.  fq>  fc  and  addr.  The  fc  and  s2  fields 
are  further  subdivided  into  two  Z  bit  fields. 

The  s2  field  selects  the  addressins  node  for  the  a  input  to  the  ALU 
if  the  instruction  is  a  data  operation,  or  whether  the  operation  is  a 
control  or  write  instruction.  The  sl  field  selects  the  rcsister  tr) 
Input  to  the  ALU  or  the  type  of  certain  load  instructions.  The  fq 
(functional  qualifier)  field  selects  the  destination  resister  of  the 
data  instructions,  or  whether  the  instruction  is  a  control  or  a  write 
instruction.  It  also  determines  the  type  of  call  or  branch  performed 
(le  absolute  or  Prosram  Counter  relative).  The  fc  (function  code* 
determines  the  instruction  to  be  performed.  Finally  the  addr  field 
determines  the  location  to  jump  to.  write  to.  read  from  etc. 
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7^ 


3-B  ViparZ  Ovarall  Stata 


UiPerZInputs  ^ 
I  attention  :  Bit 
I  reset  :  Bit 


The  two  external  input  lines-  These  arc  assumed  to  be  S)'nchronou5 
lines  clocked  m  at  the  start  of  each  instruction.  The  attention  line 
IS  set  by  external  devices  to  inform  the  processor  when  they  require 
attention.  It  is  polled  by  the  Jump  and  Call  on  attention 
instruct  ions- 


ttl  I  per  Z 

fiState 

Ar I thmet i cAndLos i calUn ■ ' 
y iPerZOpCode 
UiPerZInputs 
Ualues 


op  «  Mem  (Res  (P  ) ) 
reset  >  D 

(Res  UE  »  False)  «•  (NewUatchdos*IRes  Uatchdog) 

minus  (wrd  3Z  Cycles)) 

(NewUE  •  True)*m((Res  Watchdos)  borrow  (wrd  3Z  Cycles)  =  1) 


The  op  code  is  the  value  in  the  memory  location  pointed  to  by 
Prosram  Counter.  The  reset  line  must  be  low#  otherwise  the  machine 
will  reset.  The  new  value  of  the  Uatchdos  Expired  flas  will  be  set  to 
True  if  the  watchdos  counter  will  become  less  than  zero  in  the  course 
of  the  present  instruction  (not  quite  true  as  WE  in  fact  goes  true 
immediately  the  Watchdog  timer  goes  below  zero).  The  watchdog  timer  is 
decremented  if  the  WE  flag  is  not  set. 


Stopped  __ 

Hflemory 

HRegisters 

Stop 

Stop' 

AClock 


stop  *  1 
stop*  ■  1 
newp  ■  Reg  (P ) 


The  machine  has  stopped,  and  cannot  restart  until  there  is  a  Reset. 
_  HU  1  per  Z  I 

AUiperZ 
Eriemory 
HRegisters 
AStop 


IB 


Viper  state  unchanged  (except  Uatchdog  and  UE  updated) 

—  Peset 
cflemory 
ARegisters 
AClock 
AStop 

VipcrEInputs 

Values 


stop'  X  0 
reset  «  1 
val  neup  •  0 

AReg  <  <C>^alseiIA~True>IX~True>NoStacl<»True>No5ize»True> 
IY~Trua.  IZ~True.lB~True.Trust~True.NoL  iBi  I  t~True . 
U£~Ealse.Ustchdog~((Reg  Uatchdog)  set  1» 


tiachine  status  on  a  Reset.  All  of  the  Register  Illegal  flags  are  set 
to  true  (as  the  registers  have  not  had  any  values  loaded  into  then 
yet).  The  error  flag  is  set  false,  as  is  the  Uatchdog  Expired  flag 
The  program  counter  is  set  to  zero. 


ViperZINIT  _ 
Reset 


Clli'  •  0 


rtachine  on  start  up. 


Viper Z_machine_state  keeps 

AClock .Stop.&Stop.fiViperZ.cV iperZ. V i perZINlT . 
AHemor  y . HHemor  y . r eg i st  er  s . AReg i st  er  s . C 1 ock . 
Addrcss.Osts.risg.Memory.Rcset .Reg.Uordg^ . 

Uord32.Uord20.l^o''d^.Uord3.Uord2.Uordi  .Stopped. 
RcgName 


This  section  specifics  the  inputs  to  the  ViperZ  ALU. 


invalid  t  Uord  -•  Bit 


IB  M  :  Uord  • 

(invalid  H  •  1  )  *•  (val  m  >  aiaxval  (nrd  ZO  0  ) ) 

Returns  True  if  the  value  is  greater  than  can  be  held  in  a  Z6  bit 
word. 
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Instruct  ion 

I  flUiper? 

I  ErrorUdluc  '•  Data 


The  instruction  bein^  executed  is  tllesal*  The  error  code  of  the 
particular  error  is  returned  m  ErrerValue. 


IllesalP _ 

I  Errorinstruct lon 


val  (Res  P)  •  maxval  (Pes  P) 

(val  s2  s  iSj  V  (val  fp  ■  3)  v  Cval  fc  ^  7) 


The  program  coorter  is  about  to  carry*  and  the  current  instruction 
IS  not  a  jump,  (there  ‘S  no  need  to  couse  an  error  if  the  instruction 
■s  a  jump*  as  there  is  no  'return*  as  in  a  call  instruction). 
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4.2  Address ins  Nodes 


Global Address  I  ns 
I  Oatslnstruct ion 


val  s2u  •  0 

Res  Trust  »  True 

base  ■  addr  pad  32 


Relative  addressing  node-  The  base  address  is  the  address  in  the  Op 
code.  The  machine  must  be  in  trusted  mode. 


StackRelat  iveAddressms 
I  Oatalnstruct ion 


val  s2u  s  1 

base  >  (addr  pad  32)  plus  (Reg  f  pad  32) 


Stack  relative  addressing.  This  gives  access  to  local  routine 
variables.  The  base  address  is  the  Frame  pointer  offset  by  the  address 
from  the  Op  code.  No  check  is  mad*  here  to  see  if  the  address 
calculated  is  in  the  current  stack  frame.  This  is  done  in  a  later 
error  frame. 

—  ProgramCounterRelat  i  veAddressmg 
I  Oatalnstruct ion 


val  s2u  ■  2 

base  «  (addr  pad  32)  plus  (Reg  P  pad  32) 


Program  Counter  relative  addressing.  This  gives  access  to  constants 
embedded  in  the  program.  This  allows  routines  to  be  relocatable  in 
memory  ( le  standard  ROhs  can  be  bought  which  can  plug  straight  into  a 
system).  The  base  address  is  the  program  counter  plus  the  input 
address. 


AddressBases  •  Global Address  mg  v  StackRelat ivcAddressing 
V  Pr  0 gr  amCount er Re 1 at i vcAddr  ess i n g 

The  three  basic  addressing  modes.  The  base  address  is  offset  by  the 
various  index  registers  (or  not  in  the  case  of  absolute  addressing). 


—  AbsoluteAddressing  ^ 
I  AddressBases 


val  sZl  ■  0 
offs  *  base 

-  -  « 

Absolute  Addressing.  The  location  to  read  in  from  is  simply  the  base 
address  def ined  above. 


22 


rv'  '(T’w 


XIndexedAddress i ns 
I  AddrcssBases 


val  ftZl  X  1 

offs  •  base  plus  (Res  X) 


Indexed  Addressins  usins  the  X  index  resister.  The  location  to  read 
in  from  is  the  base  address  plus  the  value  contained  in  the  X  index 
resister.  Note  the  value  in  X  can  be  either  a  positive  or  a  nesat i ve 
value.  This  can  be  used  to  index  arrays  etc. 


YlndexedAddressms 

AddressBases 

val  s21  «  2 

offs  ‘  base  plus  (Res  Y) 


Indexed  Addressins  usms  the  Y  index  resister.  The  location  to  read 
in  from  is  the  base  address  plus  the  value  contained  in  the  Y  inde> 
resister.  Note  the  value  in  Y  can  be  either  a  positive  or  a  nesative 
value.  This  can  be  used  to  index  arrays  etc. 

HlndexedAddress  ms  _ 

I  AddressBases 


val  sZl  X  3 

offs  •  base  plus  (Res  31) 


Indexed  Addressins  usms  the  3  index  resister.  The  location  to  read 
m  from  is  the  base  address  plus  the  value  contained  m  the  3  index 
resister.  Note  the  value  m  Z  can  be  either  a  positive  or  a  nesat  >ve 
value.  This  can  be  used  to  index  arrays  etc. 


IndexedAddressins  *  3IndexedAddressms  v  YlndexedAddressms 
V  AbsoluteAddressms  v  XlndexedAddress ms 

All  of  the  smple  addressins  modes. 


IndexAddressms  __ 
I  IndexedAddressins 


val  fc  0  13 
val  s3  <  13 

n  ■  flcm  (offs  trim  30) 
io  •  0 


The  simple  addressins  modes.  This  doss  not  include  the  case  of  the 
monadic  instruct  ions>  where  a  memory  read  will  not  be  takms  place,  or 
the  Immediate  and  Resister  addressins  modes,  where  no  memory  read  is 
takins  place.  The  value  on  the  io  pin  is  zero,  so  the  word  read  m  is 
read  from  the  RAM  space.  The  m  input  to  the  ALU  is  the  value  in  the 
location  pointed  to  by  offset.  The  case  of  offset  be  ms  outside  the  30 
bit  address  space  is  dealt  with  in  the  errors  later. 
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I  nimed  i  at  eflddr  ess  i  ns 
I  Oatalnstruct ion 


(val  St  *  “  sddr  pad  32)  v 

(val  s2  •  13)a(>'<  *  wnot  (addr  pad  32)) 


The  two  Immediate  Addressins  modes.  The  m  input  to  the  ALU  is  the 
value  in  the  address  field  padded  uith  seros  to  32  bits,  if  s2  is  12. 
If  s2  iS  13  then  the  m  input  is  this  value  inverted  (le  I's 
complement).  This  allows  both  negative  and  positive  values  to  be  used 
as  constants. 


4.3  Access  to  General  Purpose  Registers 


Reg  I ster Address  ^ 
Datalnstruct ion 

val  s;  =  31 


In  this  case  the  m  input  to  the  ALU  is  one  of  the  general  purpose 
registers  A.  X  V,  or  2.  Uh.ch  register  is  used  is  determined  by  the 
bottom  tuo  bits  in  the  address  field  of  the  op  code. 

UseReg  i  st  er  fl 

Register Address 

<val  addr  )  mod  1*0 
m  =  Reg  A 


The  A  register  is  used  as  the  m  input  to  the  ALU. 
UseRegisterX 
I  RegisterAddress 


(val  addr  )  mod  1*1 
m  *  Reg  X 


The  X  register  is  used  as  the  m  input  to  the  ALU. 


^UseRegisterY 
RegisterAddress 

(val  addr  1  mod  1*2 
m  «  Reg  Y 


The  Y  register  is  used  as  the  m  input  to  the  ALU. 
_UseRegister2  ^ 

I  RegisterAddress 


(val  addr  )  mod  1*3 
m  *  Reg  21 


The  2  register  is  used  as  the  m  input  to  the  ALU. 


RegisterAddress mg  a  UseRegisterA  v  UseRegisterX 

V  UseReg isterY  v  UseReg ister 2 


The  four  cases  of  register  addressing. 

nemoryRcad  a  Immediate  Addr  ess  mg  y  IndexAddress  mg 
V  RegisterAddressing 

The  fifteen  cases  of  memory  addressing  for  the  fifteen  values  s2  can 
have  for  any  data  instruction. 
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4.4  Illcsal  Addressing  Operations 


r  Stack  Net  Set  ____ 
Datalnstrjct lon 
Errorlnstruct ion 


val  sZu  >  1 

Reg  NoStack  «  True 

6f1etr.  *  ■(> 


Stack  Relative  addressing  has  been  specified,  houever  no  stack  has 
been  set  up  ( le  no  value  has  been  loaded  into  F). 

—  UnsetX 

I  AddressBases 
I  Errorlnstruct ion 


val  s21  »  1 
Reg  IX  =  True 
fiheir  =  <> 


The  X  register  has  been  selected  as  the  index  register  to  be  used. 
but  It  has  either  not  been  loaded,  or  an  error  has  occured  in 
untrusted  node  and  all  of  the  registers  have  been  marked  as  illegal 


UnsetY 


n  Add*" 

essBases 

1  Error  Instruct 'on 

val 

s21  «  2 

Reg 

lY  ■  True 

Aricii 

•  <} 

The  Y  register  has  been  selected  as  the  index  register  to  be  used, 
but  it  has  either  not  been  loaded,  or  an  error  has  occured  in 
untrusted  mode  and  all  of  the  registers  have  been  marked  as  illegal 

r Unset? 

AddressBases 
Errorlnstruct ion 


val  t?l  *  3 
Reg  I?  «  True 
6nem  »  <} 


The  ?  register  has  been  selected  as  the  index  register  to  be  used, 
but  it  has  cither  not  been  loaded,  or  an  error  has  occured  in 
untrusted  mode  and  all  of  the  registers  have  been  marked  as  illegal 


UnsetAddressingRcgister  a  StackNotSet 

V  Unset? 

V  UnsetY 

V  Unset X 


?E 


The  four  cases  of  illesally  used  registers. 

rlDegalStackAddress 

IndexedAddress ing 
Error  Instruct  ion 


val  fc  «  13 
vsl  s2u  «  1 

((val  offst  <  (val  (Reg  Fl)  ^ 

(val  offs)  >  (val  (Reg  F))  ♦  (val  (Reg  S))) 

finem  =  <> 


—  Illegal  ReadAddr  ess 
I  IndexedAddressing 
I  Error  Instruct  I  on 


val  fc  «  13 
val  s2  <  12 
inval id  offs  •  1 
fidem  '  <} 


This  IS  the  only  check  that  is  needed  to  see  if  the  address  is 
sn^thirl^'®  'u  ^*^*“®*  1!?*  address  is  at  most  a  21  bit  number, 

overflow  on  th*  first  addition.  The  index  retster 
this  bssc  vslus  csn  be  one  o^  ^our  csses> 

overfln,.,^^TK-«^fK.'’Slo*^?'’  •  *''*  number  and  the  result  causes 

detecls  ihl  !Lal?d  ’* 

•  *''«  "‘""ber  and  no  overflow  occurs. 
Then  the  address  is  valid  iff  the  above  predicate  holds. 

Th»n'»h-^«  'iJ***  bolds  a  -ve  number  and  a  carry  occurs. 

val"d^^*  •  Po*'T'''e  number  less  than  the  base.  It  is 

and  no  carry  occurs,  ie  the 

index  register  held  a  negative  number  which  was  'larger'  than  the 
addris^'*  '*  •'  numbers  HSB  -  1,  a^  hence  invalid 

RLlIiflYs'"si?lve!'*  overflow  cannot  occur  as  base  is 
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Register  addressing  has  been  specif ledi  with  the  m  input  to  the  ALU 
coming  from  the  A  register.  This  register  houiever  does  not  contain 
val  id  data. 

Reg  I  ster  XInval  i  d 
Reg  I ster Address 
Error  Instruct  ion 

(val  addr  1  mod  f  *  1 
Reg  IX  *  True 
6I1em  =  <> 


Register  addressing  has  been  specified,  with  the  m  input  to  the  ALU 
coming  from  the  X  register.  This  register  howeuer  does  not  contain 
val id  data. 

RegisterYInval  id 
I  Reg  I ster Address 
I  Errorinstruct ion 


(val  addr  )  mod  +  *  2 
Reg  lY  «  True 
fiflem  «  <> 


Register  addressing  has  been  specified,  with  the  m  input  to  the  ALU 
coming  from  the  Y  register.  This  register  however  does  not  contain 
val id  data. 

rRegisterZInval  id  _ 

Reg  I  star Addr ess 
Errorinstruct ion 


(val  addr  )  mod  1  <  3 
Reg  12  «  True 
AHem  ■  <> 


Register  addressing  has  been  specified,  with  the  m  input  to  the  ALU 
coming  from  the  2  register.  This  register  however  does  not  contain 
valid  data. 


Registerlnval id  a  RegisterAInval id  v  RegisterXInval id 

V  RegisterYInval id  v  RegiSterZInval id 
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The  four  cases  uhcra  an  illcsal  resisiar  has  been  selected  to  be  the 
ID  input  to  the  ALU. 


r  Reaister Select Inval idCrror 
I  per  2 

Errorinstruct ion 


(  (val  s2  «  15  A  val  fc  a  13  )  v 
(val  fq  •  3  A  val  fc  <  12  )  v 
(val  fc  •  6 )  ) 

fiHeni  •  <} 


The  instruction  selected  requires  a  reaister  be  the  r  input  to  the 
ALU.  (ic  either  a  dyadic  data  instruction  s2  a  IS  and  fc  «  13>  a  wite 
instruction  s2  •  15.  fq  •  3  and  fc  <  12  (this  last  condition  because 
fc  2  12  Mould  give  a  different  error  code),  or  the  instruction  is 
decrement  Mith  branch  on  zero. 


RegisterSelectAlnval id 
I  RegisterSelectlnval idError 


val  si  a  0 
Reg  lA  «  True 


The  instruction  requires  the  r  input  to  the  ALU  to  be  the  A 
register,  but  this  register  does  not  contain  valid  data. 

Reg. star SelectXlnval  id 

I  RegisterSclectlnval idError 


val  si  =  1 
Reg  IX  »  True 


The  instruction  requires  the  r  input  to  the  ALU  to  be  the  X 
register,  but  this  register  does  not  contain  valid  data. 

Register SelectYlnval  id 

I  RegisterSelectlnval idError 


val  si  «  2 
Reg  IT  «  True 


The  instruction  requires  the  r  input  to  the  ALU  to  be  the  Y 
register,  but  this  register  does  not  contain  valid  data. 


RegisterSclectZInval id  ___ 
RegisterSelectlnval  i^rror 

val  si  «  3 
Reg  12  *  True 


The  instruction  requires  the  r  input  to  the  ALU  to  be  the  2 
register,  but  this  register  does  not  contain  valid  data- 
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<•6  Coaiparison  Operations 


Compareframe 
I  Resiste'-Select 
I  FleaoryRead 
I  Bresult  :  Uordj 


6nein  =  <} 


Fraains  schema  for  comparison  operations.  All  resisters  are 
unchansed  cxept  For  the  Prosram  counter.  B  is  set  in  the  various 
comparisons  belou. 


GreaterThanOrEqualTo 

CompareFrame 

val  fc  =0 

Bresult  *  urd  1  (not  (r  less  ml) 


Bresult  IS  set  true  iF  the  r  input  is  sreater  than  or  equal  to  the  m 
input. 


EqualTo 

CompareFrame 

val  Fc  «  1 

Bresult  X  urd  1  (r  equal  m) 


Bresult  IS  set  true  iF  the  r  input  is  equal  to  the  m  input. 


Greater  Than  . 
I  CompareFrame 


val  Fc  •  2 

Bresult  *  urd  1  <not((r  less  a)  (r  equal  a))) 


Bresult  is  set  true  if  the  r  input  is  sreater  than  the  a  input. 

^  Uns  i  snedLessThan 
CompareFrame 

val  fc  •  3 

Bresult  ■  urd  1  (r  borrou  a) 


Bresult  is  set  true  if  the  r  input,  treated  as  an  unsisned  intcser. 
is  less  than  the  a  input. 


31 


f 


_ AndEqualZero 

p  I  Conpar  eE  r  ame 


val  fc  •  ^ 

Bresult  «  Mrd  1  (Cr  and  a)  aqual  (zero)) 


Bresult  is  set  true  if  the  r  input  losically  ended  with  the  a  input 
is  equal  to  zero- 


CompOp  *  AndEqualZerc  v  UnsisnedLcssThan  y  Greater Than 
V  EqualTo  V  Greater ThanOrEqualTo 

The  five  basic  comparison  operations-  B  is  loaded  with  the  follouing 


Cond  1 1  i  on 
CompOp 

val  fq  «  0 

iReg  «  fBp«Bresult  .IB><false> 


B  is  loaded  with  Bresult-  The  Illesal  B  flaa  is  set  false  to  shou 
that  the  B  resister  contains  valid  informat lon- 


NotCond 1 1 1  on 
I  CompOp 


val  fq  «  1 

6Re9  «  <Bp<Mnot(Brcsult  )pIB>*false> 


B  is  loaded  Mith  not  Bresult.  The  Illegal  B  flag  is  set  false  to 
show  that  the  B  register  contains  valid  information. 

BorCond  1 1 1  on 

I  CompOp 


val  fq  ■  2 

6Reg  •  {B»(  RcgtB)  or  Bresult  )>IBp<false> 


B  IS  loaded  with  Bresult  or  B-  The  Illegal  B  flag  is  set  false  to 
show  that  the  B  register  contains  valid  information. 

BorNotCondit  ion 

I  CompOp 


val  fq  •  3 

6Reg  ■  <Bw(Reg  (B)  or  wnot (Bresult  ))pIB>^alse> 


B  is  loaded  with  not  Bresult  or  B-  The  Illegal  B  flag  is  set  false 
to  show  that  the  B  register  contains  valid  information. 


Compare  e  Condition  y  BorNotCondit ion 

y  BorCond it  ion  y  NotCondition 
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The  four  operations  load' 
1200  compare  operations  out 


ng  B  with  a  result.  There  are  15  »  4  « 

4  ^ 

of  the  possible  Z'*'"  ViperZ  operations 


I 


I. 
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4.7  ViperZ  ArithiMiic 


rfiLUlnstruc'  ion 

Res'Ster Select 

HemcyRead 

66  :  ResKame  ^  Uord 


6nem  «  <} 


Framing  schema  for  all  of  the  ALU  operations.  Note  memory  cannot  be 
changed.  66  holds  any  changes  to  the  8  register. 


S 1  gnedAdd 
ALUInstruct i on 

val  fc  «  5 
Result  *  r  plus  m 
66  =  <> 


Add  r  to  m.  There  is  no  check  for  overflow,  this  is  done  later  m  an 
error  schema. 

_  Uns  I  gnedAdd 

I  ALUInstruct ion 


val  fc  *  6 
Result  «  r  plus  m 

66  *  {8wwrd  1  (r  carry  m).iewFalse> 


Add  r  to  m.  setting  6  if  there  is  a  Carry.  16  is  set  false  whatever 
the  result. 


—  SignedSubtract 
I  ALUInstruct ion 


val  fc  «  7 
Result  m  r  minus  m 
66  «  <> 


Subtract  r  from  m.  There  is  no  check  for  underflow,  this  is  done 
later  in  an  error  schema. 
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Uns i snedSublr  act 
I  ALUInstruct ion 


val  fc  -  8 
Result  *  r  minus  m 

6B  •  {B~wrd  1  (r  borrow  m).IB~Fsl5e> 


Subtract  m  from  r.  and  sett  109  B  if  there  is  a  Borrow.  IB  is  set 
false  whatever  the  result. 

—  Sisnedriult  iply 

BLUInstruct ion 

val  fc  «  12 
Result  <  r  times  m 
4B  «  <> 


Multiply  r  by  m.  There  is  no  check  for  overflow,  this  is  done  later 
In  an  error  schema. 


ftrithmeticQp  a  (  UnsisnedAdd  v  SignedSubtract  v  SignedMult iply 
V  UnsignedSubtract  y  SisnedAdd  ) 

The  five  arithmetic  operations.  There  are  15  »  4  »  5  =  3D0  possible 
Operations  (le  15  addressing  modes  by  four  register  inputs  by  five 
Possible  operations). 
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4.9  Load  Instruction 


Monad  I  cinstruct  ion 
I  IndexedAddrcss rng 
I  1  ReaNanie  <•  Uord 


val  fc  *  13 


The  operation  is  a  nonadic  or  load  instruction.  There  is  no  register 
select,  the  only  operand  comes  from  the  m  input  to  the  ALU-  The 
register  select  field  si  is  used  to  determine  which  operation  is 
per formed. 


LoadRegister 


Monad  1 

cinstruct ion 

val  si 

>  0 

Result 

•  neiT»(offs  trifli  20) 

&B 

•  <} 

i  0 

«  0 

Simply  load  the  register  with  a  value  from  a  memory  location. 


LoadAndNegat  eReg i st  er 
I  Monadicinstruct ton 


vsl  si  •  1 

Result  «  zero  minus  (Hemtoffs  trim  20)) 
6B  ■  <> 
iO  m  0 


Load  and  find  the  Z*s  complement  of  the  value  from  a  memory 
location.  There  is  no  check  to  see  if  there  has  been  an  overflow  as 
this  IS  done  in  a  later  error  schema. 

LoadEffect iveAddress  ^ 

I  Monadicinstruct ion 


val  si  ■  Z 
Result  «  offs 
A6  •  <} 
val  sZ  S  IZ 
io  >0 


Load  the  address  detemined  by  the  addressing  mode  into  the  result. 
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InputFromPERI 
I  Honad^clnstruct lOr 


val  si  *  3 

Result  =  HemfoFFs  Irm  20) 
bB  •  <> 
val  s2  £  3 
10  *  1 


Load  tn  a  word  from  P£RIphc''al  space. 

LoadOp  A  LoadReaiSter  y  LoadPodNesateRes > ster 

V  LoadEffect ivePddress  v  Inputfro^PERI 

One  of  the  four  load  operations.  There  are  15  *  1  »  4  b  BO  possible 
operat ions. 


PLU  a  Logical Op  v  PrithmeticOp  y  LoadOp 

An  ALU  operation.  At  present  there  are  300  +  100  +  B0  = 
operations  defined. 


510 


4.10  Dssti nation  Rasistors 


ResultToA 
1  «LU 


val  fq  =  0 

6Re9  •  <A.^esult.IAxF8lse>  •  6B 


Load  the  result  from  the  ALU  into  the  A  register  and  set  the  lA  flag 
false  to  show  that  there  is  valid  data  in  the  A  register.  Also  set  the 
B  and  IB  flags  if  ther  should  be  set  b>'  this  operation. 


ResultToX 

I  BLU 


val  fq  *  1 

fiReg  =  fXwResult . IXwFalse>  a  6B 


Load  the  result  from  the  ALU  into  the  X  register  and  set  the  IX  flag 
false  to  show  that  there  is  valid  data  in  the  A  register.  Also  set  the 
B  and  IB  flags  if  they  should  be  set  by  this  operation. 


ResultToY 

I  BLU 


val  fq  »  2 

6Reg  «  fYwResult.IYwfalsel  a  6B 


Load  the  result  from  the  ALU  into  the  Y  register  and  set  the  lY  flag 
false  to  show  that  there  is  valid  data  in  the  A  register.  Also  set  the 
B  and  IB  flags  if  they  should  be  set  by  this  operation. 


ResultToZl 

I  BLU 


val  fq  *  3 

6Reg  «  fZlwResult . IZwFalsel  a  6B 


Load  the  result  from  the  ALU  into  the  Z  register  and  set  the  IZ  flag 
false  to  show  that  there  is  valid  data  in  the  A  register.  Also  set  the 
B  and  IB  flags  if  they  should  be  set  by  this  operation. 


ALUOp  a  ResultToA  v  ResultToX  y  ResultToY  y  ResultToZl 

Load  one  of  the  four  general  purpose  registers.  There  are  540 
•  4  «  ZIGO  possable  operations.  The  two  other  function  codes  fc  •  13. 
fc  “  14  will  give  annother  15«4»Z«4«  4B0  operations.  This  means 
that  in  total  there  arc  Z640  data  operations  possible. 
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An  overflou  has  occured  on  a  sisned  add. 

rSignedSubtractUndeflort  ^ 
ALUInstruct I  on 
Error  Instruct  ion 

val  fc  =  7 
(r  under  floM  i»  )  «  1 
itlem  *  <} 


An  underflow  has  occured  on  a  signed  subtract. 

^Si  gnedHult  i plyOverf  low  ^ 

ALUInstruct lon 
Error  Instruct  ion 

val  fc  =  12 
(r  overflow  m )  •  I 
AHern  «  <} 


An  overflow  has  occured  on  a  signed  multiply. 

^LoadAndNegateRegisterOverflow 
(lonad  I  cinstruct  ion 
Error  Instruct  ion 

val  si  ■  1 
m  «  Mem  (offs  trim  20) 

(zero  underflow  m)  «  1 
fiMem  •  <> 

An  underflow  has  occured  when  loading  and  negating  a  register.  Thi 
means  that  the  value  which  was  loaded  must  have  been  maxneg. 
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LoadEffect i v«ftddressError  ^ 
I  rionadiclnstructian 
I  Errorinstruct ion 


val  si  >2 
val  e2  >  12 
fiOem  «  <> 


Illesal  operation>  if  s2  >  12  then  it  is  immediate  or  register 
addressing,  le  there  is  no  ‘effective  address', 


InputFromPERIError  ^ 
tlonadiclnstruct  ion 
Errorinstruct ion 

val  si  «  3 
val  s2  >  3 
fiflem  =  {> 

The  operation  is  an  input  from  PERI,  but  the  addressing  mode  is  not 
global ■ 

rlllegalflddress  ^ 

ttonadicinstruct ion 
Error  Instruct  ion 


val  si  »  2 
in val id  offs  «  1 
dHem  •  <> 


The  operation  has  been  defined  as  a  load  address  but  the  address  is 
not  legal. 


HonError  •  LoadEffect i veflddressError  y 
Input FromPERIError 


rionadError  a  HonError  y 

*'  (HonError  )  a  IlIcgslAddress 


HonadicError  a  HonadError  y 

■■  (HonadError)  a  LoadflndNegateRegisterOverflow 


Needed  to  cope  with  Imo  errors  in  the  same  instruction.  A  load 
Effective  Address  Error  will  be  noticed  before  an  Illegal  Input 
Address  error  which  will  be  noticed  before  a  Load  and  negate  register 
overflow. 

ArithError  a  SignedAddOverf low  y 

SignedSubtractUndcflow  y 
SignedHult iplyOvcrf low  y 
HonadicError 
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The  instruct  on  is  a  control  instruction. 


rOest  mat  lOnSelect  __ 
Controllnstruct ion 
Destination  ;  Uord^n 


(val  fq  «  0  )A(0est  mat  ion  «  addr  pad  3Z) 

(val  fq  *  1  )a 

(Destination  =  (addr  pad  32)  plus  (neup  pad  32)) 
(val  fq  =  2)a 

(Destination  >  (addr  pad  32)  minus  (nenp  pad  32)) 


The  framing  schema  for  a  jump  or  a  call.  Destination  is  the  location 
to  call  or  branch  to.  Note  three  types  of  jump,  absolute  or  Program 
Counter  relative  forwards  or  backwards. 


Uncondit lonalJump 
I  Dest  mat  lonSelect 


val  fc  •  0 

6Reg  =  <Pw(Dest  mat  ion  trim  2D  )T 
Sriem  =  f> 


Unconditional  jump.  P  is  loaded  with  the  value  of  destination. 
JumpIfError 
I  Dest  mat  ionSelect 


val  fc  “  I 
Rea  Trust  «  True 
val  (Rea  E )  ■  1 

&Reg  «  {Pw(Dest inat ion  trim  20  IrlAwPalse. 

IKwEalsc . I YwFalsc . IHwFalse . IBwfalseT 
fillem  »  <> 


Jump  if  the  E  (error)  flaa  is  set.  Set  all  of  the  Illeaal  Reaister 
flaas  to  false'’ 
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val  fc  =  2 
val  (Res  B>  «  1 

6Res  ■  <P»(Oest  mat  lort  trim  20  )> 
firiem  «  <> 


Jump  if  the  B  flas  is  set. 

JumpIfBNotSet 
I  Best  mat  lonSelect 


val  fc  «  3 
val  (Res  B )  •  0 

ARes  -  <P~(  Best  mat  ion  trim  20  )> 
idem  «  <> 


Jump  if  the  B  flas  is  not  set. 

JumpIfAttent  lonSet 
I  Best  mat  lonSelect 


val  fc  •  f 
attent ion  >  1 

6Res  •  <P~( Best inat ion  trim  20 )> 
6nem  »  <> 


Jump  if  the  attention  input  to  the  Viper2  microprocessor  is  set. 
Jumpifflttent  ionNotSet 
I  Best inat ionSelect 


val  fc  «  5 
attention  «  0 

6Res  •  <P»( Best inat ion  trim  20 )> 
Sriem  «  <> 


Jump  if  the  attention  input  to  the  Viper2  microprocessor  is  not  set. 

rFai  ledJumpCondit  ion 
Controllnstruct ion 
HUiper2 


((val  fc  «  1  )  A  (val  (Res  E)  «  0))  v 
((val  fc  ■  2)  A  (val  (Res  B)  ■  0))  v 
((val  fc  ■  3)  A  (val  (Res  B)  ■  1 ))  v 
((val  fc  •  4)  A  (attention  •  0))  v 
((val  fc  ■  5)  A  (attention  ■  i)) 
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If  the  Jump  condition  is  false-  then  UiperZ  state  the  same  (apart 
from  the  Prosram  counter  increment). 


r  Decrement And JumpQnNot Zero 
Oest inat lonSelect 
Res  I ster Select 
&PC  :  RegName  Data 


wal  fc  »  6 

Result  «  r  minus  one 

(Result  »  zero)  •«  (£PC  ■  <P«>(Dest  mat  ion  trim  ZO  )>  ) 
(Result  •  zero)  -•  (&PC  ■  <>) 

(val  si  •  0)  •»  (6Res  •  <A>.Result  .lA^Talsel  •  6PC ) 

(val  si  m  1  )  ••  (ARes  «  fX-Result-IX^Falsel  a  6PC  ) 

(val  si  »  2)  •*  (ARes  >  <Y>^esult.IY>.Pslse>  a  6PC  ) 

(val  si  «  3 )  -•  (ARes  ■  <Zl>J?esult.IZ»rslse>  a  £PC ) 

ihem  =  <} 


Decrement  the  selected  register,  and  jump  if  it  is  not  zero. 


Cal llnstruct  ion 
Dest inat ionSelect 
AFlags  ■  RegName  Data 
TopOfCallFramc.BottomOfNeMUorkspace  :  Data 
BottomOfCallFrame.ProgramStatusUord  t  Data 


BottomOfCallFrame  *  ((Reg  F)  pad  32)  plus 

( (Reg  S )  pad  32  ) 

TopOfCallFrame  ■  BottomDfCsllFrame  plus  one 

ProgramStatusUord  •  (Reg  P)  pad  32  a  <20.*val(Res  Trust)! 
BottomOfNeuUorkspace  -  TopOfCallFrame  plus  one 

ADem  •  f (BottomOfCallFrame  trim  20  )»(Reg  F). 

(TopOfCallFrame  trim  20  )-(PregramStBtuslilord  )> 
6Res  «  <F~(BottamOfNeuUorkspace ). 

P~(Dest  inat  ion  trim  20  ).Postcall.>True> 
a  AFlags 


The  Call  instruction.  Set  up  the  link  frame  on  the  stack,  set  the 
frame  pointer  to  point  to  the  bottom  of  the  neu  Norkspace.  set  the 
postcall  register  to  True  to  ensure  that  the  next  instruction  is  an 
Enter  and  load  in  the  new  value  for  the  program  counter.  The  value  in 
the  error  flags  may  also  alter  if  there  is  a  call  on  Error 
instruction.  The  link  frame  consists  of  tno  data  words. 

The  first  word  is  placed  in  the  location  above  the  top  of  the 
previous  stack  frame  and  is  loaded  with  the  old  frame  pointer.  The 
second  word  is  placed  in  the  location  above  the  first  word.  This  holds 
the  return  program  counter  as  well  as  the  old  value  of  the  trust  bit. 


Uncondit ionalCall 
Calllnstruct ion 

val  fc  ■  B 
6Flags  >  f> 


^5 


Unconditional  jump.  P  is  loaded  with  the  value  of  destination. 
CalllfError 
Calllnstruct ion 

val  fc  '  9 
val  (Res  El  «  1 

Aflass  •  <IAMFalse>I)(>^8lse.IY><FalEe> 
i2MFalse.IB>^alse>E»False> 

Call  if  the  E  (error)  flag  is  set.  Set  all  of  the  Illegal  Registe 
flags  to  false’’ 

CalllfaSet 
I  Cal llnstruct I  on 


val  fc  =  10 
val  (Reg  B  )  =  1 
4Flags  =  <> 

Call  if  the  B  flag  is  set. 

CalllfBNotSet 
Calllnstruct ion 

val  fc  =  11 
val  (Res  B  )  n  0 
6Flags  *  {> 

Call  if  the  B  flag  is  not  set. 

Calllfflttent ionSet  ^ 

I  Calllnstruct ion 


val  fc  «  12 
attention  s  1 
AFlags  •  <> 


Call  if  the  attention  input  to  the  ViperZ  microprocessoi  is  set. 
^CalllfPttent  ionNotSet 
Calllnstruct ion 

val  fc  •  13 
attention  «  0 
6Fla9s  »  <> 


Call  if  the  attention  input  to  the  ViperZ  microprocessor  is  not  set 


IE 


If  the  Cell  condition  is  false«  then  Viper?  stete  the  same  (apart 
from  the  Prosram  counter  increment). 
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4-13  Copy  Instruction 


rCopyFronResI  sterTeCeneralPurposcReaister 
Controilnstruct ion 
ad  :  N 


val 

Fc  • 

7 

val 

ft 

1  • 

0 

ad 

B 

(val 

addr  )  aod  16 

(ad 

m 

01 

(Result 

B 

Reg  A) 

(ad 

B 

1 1 

(Result 

S 

Reg  X) 

(ad 

B 

Z) 

(Result 

B 

Reg  Y1 

(ad 

B 

3) 

(Result 

B 

Res  Z1 1 

(ad 

■ 

4  1 

-• 

(Result 

B 

(Reg  PI  pad  3Z  1 

(ad 

s 

S) 

(Result 

B 

(Reg  F  1  pad  3Z 1 

(ad 

S 

E) 

(Result 

B 

(Reg  S  1  pad  32  1 

(ad 

s 

7) 

(Result 

B 

(Res  U )  pad  32 ) 

(ad 

B 

ei 

(Result 

B 

(Reg  Uatchdog 1  pad  32 1 

(ad 

* 

91 

-• 

(Result 

B 

Reg  01 

Copy  from  a  res i star  a  sebneral  purpose  resister. 
CopyToGeneralPurposeResister 
I  CopyFromRes i ster  ToGeneralPorposeRes i st er 


(val 

sl 

>  0  1  « 

(AReg  « 

<A»Result . lA~False>  1 

(val 

si 

=  1 1  « 

(AReg  « 

<X»Result /IX~False>  1 

(val 

sl 

•  21  M 

(AReg  * 

<Y-ResuU.IY~False>l 

(val 

sl 

«  3 1  •• 

(AReg  « 

<Zl>^esult>IZxFsl5e>  1 

Place  value  in  general  purpose  register. 


CopyFromGeneralPurposeResisterToRegister 


Control  Instruction 
Register Select 

ad  :  N 


val 

val 

Reg 

ad 

(ad 

(ad 

(ad 

(ad 

(ad 

(ad 

(ad 

(ad 

(ad 

(ad 


Fc  -  7 
Fq  «  1 

Trust  •  True 

«  (val  addr  )  aod  IE 
»  0)  M  (6Res  «  '(R~r>IflMFalge> ) 

•  1)  ^  (6Res  •  <X.<r  .IX^iFslse} ) 

•  Z)  ^  (AReg  •  <Y-r , lY-FalseT > 

■3)  ^  (6Reg  »  <Zl**r .IZ>*Folse>  ) 

■  t)  M  (AReg  •  <P«»(r  trip  ZO  )> ) 

•5)  ••  (AReg  ■  <F»(r  trim  ZD  )>NoLimit»True> 

NoSize~True.NoStac'<>^alse> ) 

•  G )  (AReg  •  <S~(r  trim  ZO  ).No5ize-False>  ) 

■  7)  m»  (AReg  *  <U*»(r  trim  ZO  ).NoLimit»iFalse> ) 

•6)  ^  (AReg  ■  <Uatchdos»(r  trim  IE  >>UE>«False> ) 

•9)  ^  (AReg  •  <0~r>  ) 


val  fc  =  14 

(val  (Reg  F))  +  (val  addr  )  *  Z  S  (val  (Reg  U ) ) 

Reg  Postcall  =  True 

(val  fq  =  0)  ^  (6Reg  *{Si^addr#Postcall**False>  ) 

(val  fq  =  1  )  -•  (6Reg  =<S>*addr  ,Trust>^alse,Postcall>»False>  ) 

(val  fq  =  2)  -•  (iReg  =<S«addr ,Trust~True.Postcall>«False>  ) 


The  Enter  Instruction.  This  must  be  executed  immediately  after  a 
call  instruction.  If  it  is  called  at  any  other  time  it  Mill  generate 
an  error.  The  enter  instruction  sets  up  the  frame  size  required  by  the 
routine*  after  checking  that  at  least  2  Mords  of  memory  are  free  at 
the  top  of  the  neM  frame  to  accomadate  a  call  instruction  in  the  neM 
routine.  It  also  sets  up  the  trusted  ness  of  the  routine.  Finally  the 
postcall  bit  is  reset. 


Return  _____ 
I  Calllnstruct ion 


TopOfCallFrame  =  (Reg  F)  minus  one 

ProgramStatusUord  »  f1em(Top0fCallFrame  ) 

BottomOfCallFrame  =  TopOfCallFrame  minus  one 

BottomOfNeHUorkspace  =  nem(BottomOfCallFrame  ) 

6Reg  «  <F>.(BottomOfNeMUorkspace  )* 

P~(ProgramStatusklord  trim  20). 
TrustM( ProgramStatusUord  20). 
SM(BottomOfCallFrame  minus 

(BottomOfNeMUorkspace  trim  20))} 


The  Return  from  subroutine  command.  This  basically  undoes  the  call 
command.  The  frame  pointer  (F)  program  counter  and  trust  bit  are 
reloaded  from  the  link  frame.  The  value  in  the  frame  size  register  is 
calculated  and  loaded  back  in. 


Copies  a  CopyFromGeneralPurposeRegisterToRegister  v 
CopyToGeneralPurposeReg i ster 

The  two  copy  commands.  This  covers  1»4«1»2«B  operations. 


Jump  a  Uncondit ionalJump  v  JumpIfError  v 

Jumpifflttent lonSet  v  JumpIfBNotSet  v 
DecrementPndJumpOnNotZero  v  JumpIfPttent ionNotSet  y 
JumpIfBSet 


Jumps  a  Jump  V  Fai IcdJumpCondi t ion 


The  seven  jump  commands.  This  covers  1«4«7>3«B4  operations. 


SO 


Call  •  Uncondit ionalCall  v  CalllfError  y 

CalllfBSel  v  CallKBNotSet  y  CalllfAttent  ionSet  y 
Calllfftttent ionNotSet 

Calls  ft  Call  y  Fai ledCallCondit ion 


The  six  call  commands*  This  covers  1*4*6*3*72  operation 


Control  ft  Calls  y  Jumps  y  Copies  y  Enter  y  Return 


The  control  operations*  There  are  8+84+72+1*4*2*3 
operat ions* 


4.14  Illcsal  Calls  and  Jumps 


IllesalJump 

Jump 

Errorinstruct ion 
invalid  Destination  •  1 

The  operation  is  a  Jump  but  the  destination  is  not  in  memory  space. 
IllesalJumpCondit ion  ^ 

I  Jumps 

I  Error  Instruct i on 


Res  IB  =  True 

(val  fc  =  2)  V  (val  f c  =  3 ) 


The  Jump  is  dependant  on  6«  but  B  has  not  been  set. 

IllesalJumps  a  IllesalJump  y 

lllesalJumpCondi t ion 

^ IllesalCallError  . 

Control Instruct  ion 
Errorinstruct ion 
Dest inat ionSelect 

TopOfCallFrame.BottomOfNeMUorkspace  t  Data 
BottomOfCallFrame.ProsramStatusUord  :  Data 


(val  fc  2  8)  A  (val  fc  S  13) 

BottomOfCallFrame  «  ((Res  F)  pad  32)  plus 

( (Res  5  )  pad  32  ) 

TopOfCallFrame  >  BottomOfCallFrame  plus  one 

ProsramStatusUord  ■  (Res  P)  pad  32  ♦  <20**val(Re9  Trust  )> 
BottomOfNewUorkspace  «  TopOfCallFrame  plus  one 


Framins  schema  for  Call  errors. 

^  IllesalDest  inat  ion 
I  IllesalCallError 


invalid  Destination  »  1 
6Hem  «  <> 


The  operation  is  a  call  but  the  destination  is  not  in  memory  space. 


f  -  V 


n legalBottomOf Cal IFrame 
I  IllegalCallError 


invalid  GottoniOf  Cal  IFrame  »  1 
iHem  *  <> 

--  -  —  » 

The  bottom  of  the  call  space  is  not  in  memory. 
11 legal TopOfCal IFrame  _ 

I  IllegalCallError 


invalid  TopOfCal IFrame  =  1 

fiHem  =  <(BottomOfCallFrame  trim  2D  )<-*tReg  F  )> 

The  top  of  the  call  space  is  not  in  memory.  This  is  only  noticed 
after  the  first  write  to  memory  has  been  made. 

II legalBot tomOfNewUorkspace  ^ 

I  II legal Cal lErr or 


invalid  BottomOfNewUorkspace  =  1 

firiem  =  <(BottomOfCaHFrame  trim  20  ^(Reg  F). 

(TopOfCallFrame  trim  20  )*^(Pro9ramStatusUord  )> 


The  bottom  of  the  new  work  space  is  not  in  memory.  This  is  only 
noticed  after  the  first  two  writes  to  memory  have  been  made. 


StackNotSet  __ 
I  IllegalCallError 


(Reg  NoStack  «  True)  v  (Reg  NoSize  =  True) 
6Hem  «  <> 


R  call  has  been  made  with  the  stack  not  set. 

IllegalCalls  *  IllegalDestmatton  v 

II legalBottomOf Cal IFrame  v 

I llegalTopOf Cal IFrame  v 

II legalBottomOf NewUorkspace  v 
StackNotSet 

fill  of  the  Illegal  Call  schemas. 
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4.15  Illegal  Cop>' 


CopyErrorl  _____ 
I  Controllnstruct ion 
I  Errorlnstruct ion 


val  fc  =  7 
val  fq  =  0 
fiHem  =  O 

((val  addr  =  0)  a  (Reg  Ifl  =  True)  v 

(val  addr  =  1)  a  (Reg  IX  =  True)  v 

(val  addr  =  2)  a  (Reg  IT  r  True)  v 

(val  addr  =  3)  a  (Reg  12  =  True)  v 

(val  addr  «  S)  a  (Reg  NoStack  *  True)  v 

(val  addr  =  6)  a  (Reg  NoSize  -  True)  v 

(val  addr  =  7)  a  (Reg  NoLimit  =  True)  ) 


Attempt  to  copy  invalid  register. 

CopyError2  ___________ 

I  Controllnstruct ion 
I  Errorlnstruct ion 


val  fc  =  7 
val  fq  =  1 
Reg  Trust  =  True 
idem  =  <> 

((val  si  =  0)  A  (Reg  lA  =  True)  v 

(val  si  «  1  )  A  (Reg  IX  =  True)  v 

(val  si  =  2)  A  (Reg  IT  =  True)  v 

(val  si  «  3)  A  (Reg  12  =  True)  ) 


Attempt  to  copy  invalid  register. 
IllegalCopy  ______ 

I  Controllnstruct ion 
I  Errorlnstruct ion 


val  fc  =  7 
val  fq  =  1 
Reg  Trust  =  False 
6ncm  =  <> 


Attempt  to  copy  to  protected  register,  in  untrusted  mode. 


IllegalCopies  t  CopyErrorl  v  CopyErrorZ  y  IllegalCopy 
Error  in  copying  from  register  to  register. 
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4.16  Postcall  and  Enter  Errors 


—  PostcallNotSet 
Controllnstruct ion 
Errorlnstruct ion 

val  fc  «  H 

Res  Postcall  ^  False 

fiflem  *  <> 


Postcall  is  not  set  and  Enter  has  been  found,  ie  Enter  has  occured 
someMhere  other  than  at  the  start  o^  a  subrout ine> 

EnterNotFound  _  _  .  _ 

I  Controllnstruct ion 
I  Errorlnstruct ion 


val  fc  K  14 

Res  Postcall  *  True 

fiflein  *  <}■ 


Postcall  is  set  and  Enter  has  not  been  found,  ie  Enter  has  not 
occured  at  the  start  of  a  subroutine* 

^StacleOverf  low  —  . 

Controllnstruct ion 
Errorlnstruct ion 

val  fc  =  M 

(val  (Res  F))  +  (val  addr  )  *  Z  >  (val  (Reg  U)) 

Reg  Postcall  *  True 
6Hefn  *  <> 


The  stack  cannot  accomadate  the  present  frame. 


(val  fcl  *  0)  A  (ofts  «  base)  v 
(val  fcl  =  1)  A  Coffs  «  base  plus  (Res  X))  v 
(val  fcl  '  2)  A  (offs  «  base  plus  (Res  Y))  y 
(val  fcl  B  3)  A  (offs  «  base  plus  (Res  21)) 


Urite  error  framins  schema* 

rlllesalindex  _  _ 

Ur  i telnstruct Ion 
Errorlnstruct  ton 

(val  fcl  =  1)  A  (Res  IX  *  True)  v 

(val  fcl  s  2)  A  (Res  lY  »  true)  y 

(val  fcl  =  3)  A  (Res  12  ®  True) 


The  index  resister  specified  is  illesal. 
^GlobalUr  iteError  ^ 

Ur iteError 

val  fch  *  G 
6nem  »  <> 
inval id  offs  *  1 


The  write  location  is  not  in  the  memory  space* 
i^StackFrameUr  iteError  _ 

Ur i teError 

val  fch  ■  1 
6nem  =  <} 

(  inval id  offs  »  1  y 

(val  offs)  <  (val  (Res  F))  y 

(val  offs)  >  (val  (Res  F))  ♦  (val  (Res  S))  ) 


The  write  location  is  not  in  the  stack  frame. 
^GlobalOutputError  ^ 

Ur i teError 

val  fch  =  2 
6Hem  e  {> 
inval id  offs  *  1 


The  output  location  is  not  in  the  memory  space. 


IllesalUr i teAddress  t  GlobalUr iteError  v 

StackPrameUr iteError  v 
GlobalOutputError  v 

Illesalindex 


The  Wr i te  Errors. 


4.19  Other  Uiper2  Errors 


rUatchdosTimout  ^ 

I per2 

Errorinstruct ion 


Reg  UE  =  True 
Reg  Trust  =  False 

* 

The  Matchdog  timer  has  timed  out.  and  ViperZ  is  in  untrusted  mode. 

1 1  legalOpCode 

I  AUiperZ 
I  Errorinstruct ion 


val  sZ  =  15 

((val  Fc  =  6)  A  (val  fq  =  2))  v 
(tval  Fq  =  3)  A  (val  Fc  212)) 


fin  illegal  Op  code.  There  are  1  «4»1«1+1«4«1»4=20 
possibi 1  it les. 


Uiper2_Error  e  IllegalP  v 

UnsetflddressingRegister  y 
RegisterSelectInval id  v 

Register  Invalid  y 

IllegalReadfiddress  y 

firithError  y 

II  legal Jumps  y 

IllegalCopies  y 

LimitNotSet  y 

EnterNotFound  y 

StackOverFloM  y 

PostcallNotSet  y 

IllegalCalls  y 

IllegalUr i tefiddress  y 

UatchdogTimout  y 

II legalOpCode 


The  Viper2  Error  conditions. 
I  arb  :  Uord  -•  Uord 


I  ul>u2  :  Uord  I  *ul  >  *h2  •  ul  «  arb  h2 
The  arb  Function,  ie  no  relationship  between  input  and  output  words 


TrustedError  ^ 

y iper2_Error 

Reg  Trust  «  True 
stop'  •  1 

Error  in  trusted  state,  machine  stops. 


El 


Error  in  untrusted  state-  Set  all  Error  falss  true  and  return  from 
subrout ine. 

Uiper2_Errors  *  UntrustedError  v  TrustedError 


4.20  The  Viper  Top  Level  Specification 


NotStopped  ^ 
AViperZ 

stop*  =  0 


ViperOK  A  Compare  v  ALUOp  v  Control  v  Urite 

ViperZ  has  successfully  completed  an  operation.  There  are  1200  * 
2640  *  168  46  20  >  4036  possible  operations,  ie  all  Op  codes 

accounted  for. 


OKState  a  '»(Uiper2«Errors )  a  ViperOK  a  NotStopped 
NextState  A  Viper 2.Errors  v  OKState  v  Stopped  v  Reset 
The  next  state  of  the  Uiper2  machine. 


S  Conclusions 

This  document  gives  an  initial  specification  of  the  Viper2  in  2.  It  has  bee 
shown  that  2  provides  a  higher  level  of  specification  than  that  written  m  HCL 
It  has  also  demonstrated  that  it  is  a  useful  language  to  produce  a  high  level 
specification  of  a  microprocessor* 

This  specification  was  completed  before  the  KOL  specification  was  complete 
and  so  no  attempt  was  made  to  ensure  conformity  between  the  two. 
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